It is also worth mentioning that Android Security Bulletins generally only contain backports of patches for High and Critical vulnerabilities. Most non-Pixel/GrapheneOS phones only get all the other fixes when moving to the next major release [1]. So getting the next major Android release is important (getting to a recent patch-level alone is not enough).
I can completely understand that Graphene does not want to support Fairphone and others, their security/privacy goals are the complete opposite of what those phones provide.
[1] https://discuss.grapheneos.org/d/23462-grapheneos-version-20...